|
1 | 1 | v2.0.2 | May 12 2026: |
2 | 2 |
|
3 | | - -- Fixes -- |
4 | | - |
5 | | -[Fix] quarantine: symlink TOCTOU guards across scan-to-quarantine |
6 | | - (_batch_quarantine pre-filter + per-file, _quarantine_file, quar_hitlist |
7 | | - callers), restore (_validate_restore_path), and clean-failure |
8 | | - re-quarantine (clean); SECURITY-FINDINGS P2-1 + P3-6 deferred from 2.0.1 |
9 | | -[Fix] alert: telegram delivery failed on MarkdownV2 reserved characters in |
10 | | - substituted token values; wired escape_mode in _alert_tpl_render |
11 | | - (alert_lib 1.0.8) and mirrored in _lmd_render_entries; affects |
12 | | - --test-alert {scan,digest} telegram and real telegram alerts; issue #487 |
13 | | - |
14 | 3 | -- New Features -- |
15 | 4 |
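Review bot: the two [Fix] entries deleted here are not a pure move; the copy re-added under "-- Bug Fixes --" further down this file rewords the telegram entry ("wired escape_mode in _alert_tpl_render (alert_lib 1.0.8)" becomes "wired escape_mode + skip_tokens in _alert_tpl_render (vendored alert_lib 1.0.7 -> 1.0.8)"), so the commit should state that the section was moved and reworded rather than only moved; the quarantine entry is carried over verbatim.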
|
16 | 5 | [New] hookscan: audit-trail coverage for pre-scan validation decisions — |
17 | 6 | filename rejection (non_printable, metachar, traversal, relative_path), |
18 | 7 | homedir-restriction violation, scan timeout, and scan error now emit |
19 | 8 | pattern_matched/error_occurred/hook_timeout/hook_failed events to |
20 | | - audit.log with mode= and reason= extras; closes G-04 (single-file |
21 | | - path) from docs/specs/2026-03-24-audit-log-coverage-assessment.md |
| 9 | + audit.log with mode= and reason= extras (filename validation reordered |
| 10 | + to run after elog_lib sourcing so rejection events reach audit.log); |
| 11 | + closes G-04 single-file path from |
| 12 | + docs/specs/2026-03-24-audit-log-coverage-assessment.md |
22 | 13 | [New] hookscan: BATS coverage for ftp mode (pure-ftpd CallUploadScript) |
23 | 14 | including UPLOAD_VUSER env-var auto-detect and explicit-ftp-overrides; |
24 | 15 | ftp mode is logger-only on stdout (fire-and-forget per pure-uploadscript |
25 | 16 | contract); docs/specs/2026-03-23-hookscan-improvement-proposal.md §3b |
26 | 17 |
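Review bot: the reworded hookscan entry (new-side lines 9-12) absorbs the deleted "[Change] hookscan: filename validation block reordered" entry but drops its guarantee that "rejection path semantics unchanged (still bails before any scan work)"; that is the sentence an operator reading the changelog wants when a validation block is moved, so consider keeping it, e.g. "... so rejection events reach audit.log; rejection still bails before any scan work);".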
|
27 | 18 | -- Changes -- |
28 | 19 |
|
29 | | -[Change] hookscan: filename validation block reordered to run after |
30 | | - elog_lib sourcing so rejection events reach audit.log; rejection |
31 | | - path semantics unchanged (still bails before any scan work) |
32 | 20 | [Change] release: version bump 2.0.1 -> 2.0.2 |
33 | | -[Change] headers: sweep 33 source files (sub-libs, hookscan.sh, uninstall.sh, |
34 | | - cron.daily, service files, clean scripts) to v2.0.2 banner — parent |
35 | | - CLAUDE.md "All version/copyright headers must stay in sync" |
36 | 21 | [Change] ignore_inotify.defaults: add Dovecot doveconf tempfiles |
37 | 22 | (/tmp/doveconf., /var/tmp/doveconf.) — Plesk mail subsystem; issue #488 |
38 | | -[Change] alert_lib: vendored 1.0.7 -> 1.0.8 (escape_mode + skip_tokens in |
39 | | - _alert_tpl_render) |
| 23 | + |
| 24 | + -- Bug Fixes -- |
| 25 | + |
| 26 | +[Fix] quarantine: symlink TOCTOU guards across scan-to-quarantine |
| 27 | + (_batch_quarantine pre-filter + per-file, _quarantine_file, quar_hitlist |
| 28 | + callers), restore (_validate_restore_path), and clean-failure |
| 29 | + re-quarantine (clean); SECURITY-FINDINGS P2-1 + P3-6 deferred from 2.0.1 |
| 30 | +[Fix] alert: telegram delivery failed on MarkdownV2 reserved characters in |
| 31 | + substituted token values; wired escape_mode + skip_tokens in |
| 32 | + _alert_tpl_render (vendored alert_lib 1.0.7 -> 1.0.8) and mirrored in |
| 33 | + _lmd_render_entries; affects --test-alert {scan,digest} telegram and |
| 34 | + real telegram alerts; issue #487 |
40 | 35 |
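Review bot: the "[Change] headers: sweep 33 source files ... to v2.0.2 banner" entry is removed and not re-added anywhere in this diff, so the 2.0.2 changelog no longer records the banner sweep; if it is meant to be implied by "[Change] release: version bump 2.0.1 -> 2.0.2", fold a short mention into that line ("... 2.0.1 -> 2.0.2 (33 source-file headers swept to v2.0.2 banner)"). Dropping "[Change] alert_lib: vendored 1.0.7 -> 1.0.8" is fine, since the new "[Fix] alert" entry now carries the vendoring.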
|
41 | 36 | v2.0.1 | Mar 25 2026: |
42 | 37 |
|
|